US6219726B1 - System for providing access protection on media storage devices by selecting from a set of generated control parameters in accordance with application attributes - Google Patents

System for providing access protection on media storage devices by selecting from a set of generated control parameters in accordance with application attributes Download PDF

Info

Publication number
US6219726B1
US6219726B1 US08/281,868 US28186894A US6219726B1 US 6219726 B1 US6219726 B1 US 6219726B1 US 28186894 A US28186894 A US 28186894A US 6219726 B1 US6219726 B1 US 6219726B1
Authority
US
United States
Prior art keywords
access
tape
extent
control parameters
application program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
US08/281,868
Other languages
English (en)
Inventor
Richard A. Ripberger
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Priority to US08/281,868 priority Critical patent/US6219726B1/en
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION reassignment INTERNATIONAL BUSINESS MACHINES CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: RIPBERGER, RICHARD A.
Priority to CN95104777A priority patent/CN1081362C/zh
Priority to JP13525495A priority patent/JP3600313B2/ja
Priority to DE69517256T priority patent/DE69517256T2/de
Priority to EP95304641A priority patent/EP0695986B1/de
Priority to KR1019950021741A priority patent/KR100213849B1/ko
Application granted granted Critical
Publication of US6219726B1 publication Critical patent/US6219726B1/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors

Definitions

  • the present invention relates to storage devices. More specifically, the present invention relates to systems for regulating access to tape devices.
  • Data integrity is a key consideration in any data processing system. Most data processing environments have requirements to prevent data integrity problems due to unauthorized access to data. Certain programs exist which allow a system to input access criteria for datasets and access authority for users. The system then uses this information to manage data access. For tape devices, this protection mechanism is typically limited to management of access to the entire tape, referred to as a “volume”.
  • Tape devices have, however, traditionally supported the storing of multiple datasets on the same volume. Even in the case of a single dataset, there is the additional consideration that there may be residual data left on the medium from some prior usage which is beyond the end of the last written dataset. Access to such residual information is referred to as “object reuse” in some arenas. Both of these conditions represent potential security exposures if the accesses to the medium are not managed to the scope of the data on the medium to which the user is authorized. This would typically be a single dataset.
  • tape applications are allowed to issue input/output (I/O) commands (e.g., channel programs), typically without much supervision by the control program.
  • I/O input/output
  • the control program is responsible for performing label and file formatting while the application is responsible for reading or writing the data portion of the file.
  • some devices provide a protection assist mechanism to reject certain commands which are reserved for use by the control program, this protection is not used to control commands which access the medium.
  • commands which allow random position to different blocks or partitions on the medium an application has the ability to position outside of the single file which it has been given access to by the control program and associated security software.
  • volume only a single file can be stored on the volume. Multiple files would be exposed to the application accessing data in more than one file. As volume capacities increase, storage of multiple files to utilize capacity becomes a critical part of storage management. The average file size is typically significantly less than the full capacity of a volume.
  • the application may overwrite formatted portions of the volume which should not be overwritten, such as the label group for the dataset.
  • the application may attempt to write formatting information, such as tape marks, which would lead to invalid file formatting on the medium.
  • the application may attempt to unload the medium before the control program has a chance to finish file formatting on the medium. This might allow the application to unload the current medium and access some other medium.
  • some devices provide a Load command.
  • Some device loaders have an automatic mode of loading which causes another volume to be loaded when the current volume is unloaded.
  • the time required to perform an erase function may be significant. On most tape devices, this function requires that the device overwrite any portions of the volume which follow the end of the file. As volume capacities increase, the time spent performing this function increases linearly. For instance, the time to erase a 10 gigabit volume on a device which writes at a 1 megabit per second data rate would be roughly 10,000 seconds or three hours. If a significant number of the files processed require this type of processing, then the availability of tape devices for normal processing is severely impacted.
  • a second alternative is for the control program to scan through every channel program which is received from an application to determine whether there are any commands which might have undesirable effects.
  • the channel program is typically in the user's address space which may lead to additional complexities with storage protection keys and address space translation problems.
  • control program may need to examine the parameter data associated with the command in order to assess its impact. This implies that a detailed knowledge of the device command set must be coded into the control program. It also creates the problem of having to update the control program every time new functions are introduced so that they are not rejected by the checking performed in the control program (e.g., an unknown function or command must be assumed to be a potential access violation and therefore it must be rejected). This may prohibit the early introduction of new functions by providing support directly in the application without the control program's knowledge.
  • the program may not be able to assess whether the command creates a problem or not. For instance, a Locate command specifies some logical block further down the medium.
  • the control program may or may not know the extent (e.g., the range of logical blocks) of the currently active dataset and therefore may not be able to determine whether the access is outside the range of the dataset.
  • a set of control parameters is generated for the device for a given application program.
  • a tape control unit uses the parameters to process commands from the application program and thereby control access to the tape.
  • an extent is defined on the tape and controls are defined which govern the type of access permitted within the extent.
  • the system rejects any commands which attempt to access medium outside of the defined extent. Write and formatting commands within the extent are limited and partition changes, loads and unloads are prohibited.
  • FIG. 1 is block diagram of a computer device input/output system utilizing the teachings of the present invention.
  • FIG. 2 is a flow diagram of the control program logic utilized in the system of the present invention.
  • FIG. 3 is a flow diagram of the device control logic utilized in the system of the present invention.
  • FIG. 1 is block diagram of a computer device input/output system utilizing the teachings of the present invention.
  • the system 10 includes a computer 12 , a device control unit 14 , a input/output device 16 and media 18 .
  • a user application program 20 running on the computer 12 generates input and output (I/O) requests which are received and interpreted by a computer control program 22 .
  • the application program may be a word processing program and the control program may be an operating system program such as DOS or UNIX.
  • the control program 22 on initiation of an application request, identifies the attributes of the application program ( 24 ) and of a dataset ( 26 ) on which the program is operating and generates a set of controls for an access monitor and control program 28 of the device control unit 14 .
  • Typical application attributes include a list of data groups to which it has an access privilege (e.g., read-only, read-write, etc.) and typical dataset attributes include a data group with which it is associated and perhaps limitations on access (i.e., read-only, read-write, etc.).
  • the control unit 14 is a device manager having a microprocessor (not shown) which converts signals formatted with the protocol of the computer 12 into signals formatted with the protocol of the input/output device 16 .
  • the control unit 14 also controls the I/O device 16 to format and position the media 18 and to access individual files 30 , 32 and 34 therein.
  • the I/O device 16 is a tape drive unit and the media 18 is a tape.
  • FIG. 2 is a flow diagram of the control program logic utilized in the system of the present invention.
  • FIG. 3 is a flow diagram of the device control logic utilized in the system of the present invention.
  • the control program 22 receives a request to run the application program 20 .
  • the program 22 fetches application and dataset attributes 24 and 26 , respectively.
  • the program 22 determines appropriate controls from the attributes. For example, if the program has read access to the data group with which the dataset is associated, the controls would specify accesses limited to reads and limited to the section of the medium associated with that dataset.
  • step 48 the controls are sent to the access monitor and control program 28 of control unit 14 and stored in memory (not shown)
  • the application program is run (step 50 ).
  • steps 52 and 54 I/O requests are processed by the device control logic routine 60 of FIG. 3 in the access monitor and control program 28 . If a protection violation is detected, the I/O request and, in some cases, the application program are terminated and the routine ends (step 58 ). If no protection violation occurs, the application is allowed to access the device 16 .
  • the device control logic routine of the access monitor and control program 28 processes I/O requests from the application program and detects protection violations by first checking in memory to determine if device controls are present (step 64 ). If not, the command is processed. If, however, device controls are present in memory, the routine 60 retrieves the controls at step 66 . Then, the I/O command is checked against each of the controls (step 68 , 70 , etc.). If none of the controls are violated, the command is processed (step 72 ) and good status is returned to the control program (step 74 ). If, however, any of the controls are violated, the command fails (step 76 ) and a protection violation is indicated to the control program (step 54 of FIG. 2 ).
  • the controls may be defined as follows.
  • an extent is defined on the medium 18 as a range of logically consecutive storage locations on the medium 18 .
  • an extent is defined on the medium 18 as a range of logically consecutive storage locations on the medium 18 .
  • a tape volume which is access only for reading, it is a range of logical blocks starting at one logical block in a given medium partition through a series of consecutive logical blocks in the same partition or in one or more subsequent medium partitions.
  • the extent would typically have a specific starting position, such as the beginning of a partition or following some specified logical block, and a generalized ending position, such as the end of the same or some subsequent partition.
  • a new command is created (e.g., “Define Extent”).
  • This command is used to specify the beginning and ending position of the extent of medium to be protected.
  • the starting position argument should be able to specify the start of the extent in any one of the following ways: 1) beginning of medium; 2) beginning of partition; 3) the current medium position (e.g., before the next block in the forward direction); 4) the position after the preceding tape mark; and 5) a specified partition number and logical block number on the medium.
  • Items 1 or 2 would typically be used for cases where the application has access to either the entire medium or the entire partition, respectively.
  • Item 3 would typically be used when the medium is positioned to the beginning of the file to be accessed.
  • Item 4 would typically be the same as item 3 in the case of a file which is accessed in the forward direction. Item 4 would also be useful for specifying the beginning of a file when the medium is positioned to the end of the file. Item 5 can be used to define an arbitrary starting point on the medium. For all cases except 4, the device can determine a specific partition number and logical block number associated with the start of the extent. For case 4, the device can determine a specific partition number and logical block number associated with the start of the extent if and only if it has already accessed all logical blocks between the preceding tape mark and the current location.
  • the ending position argument should be able to specify the end of the extent in any of the following ways; 1) end of medium; 2) end of partition; 3) the current medium position (e.g., after the next block in the backward direction); 4) the position before the succeeding tape mark; 5) end of data (e.g., after the last valid block written); and 6) a specified partition number and logical block number on the medium.
  • Items 1 or 2 would typically be used for write cases where the application has access to all data following the start of extent on the entire medium or the entire partition, respectively.
  • Item 3 would typically be used when the medium is positioned to the end of the file which is to be accessed.
  • Item 4 would typically be used when the medium is positioned to the beginning of the file which is to be accessed for reading and the control program does not know the exact position of the end of the file (as indicated by the next tape mark in the forward direction).
  • Item 5 would be used to access data up to the last block written to the medium from the last recording pass. This would typically be used if the application has access to all valid data on the medium (e.g., including any labels and tape marks at the end of the file).
  • Item 6 can be used to define an arbitrary ending point on the medium.
  • the device can determine a specific partition number and logical block number associated with the end of the extent.
  • the device can determine a specific partition number and logical block number associated with the end of the extent if and only if it has already accessed all logical blocks between the current medium position and the specified end of extent.
  • controls are defined which govern the type of access on the medium which are allowed.
  • the application program would normally have full read and write access to any portion of the medium:
  • any commands which attempt to position the medium outside the extent specified by the last Define Extent command which was issued are rejected.
  • medium positioning must remain within the limits of the defined extent.
  • the control is not allowed to be activated if the medium is not positioned within the extent when the command is issued.
  • the performance of a Locate command may be limited if the device cannot associate the extent boundary in the direction of travel with a specific logical block number as discussed above. In this case, the device normally must sequentially access all blocks between the current position and target position to ensure that the extent boundary condition is not encountered. In cases where this performance degradation is likely for a Locate operation and additionally the applications under consideration are dependent on the Locate command, an extent boundary specification should be used which can be associated with a logical block number.
  • any commands which cause the medium to be loaded or unloaded are rejected. This includes, for example, a Rewind Unload command.
  • commands which cause the medium to be loaded or unloaded may be accepted.
  • Controls can be used independently of each other and, except for Extent Protect, independently of the Define Extent command.
  • the controls would typically be provided through a mode set type command and would be persistent once issued until changed by the program, or possibly, until the current volume is unloaded.
  • the Mode Set and Define Extent commands are treated as commands reserved for the control program to provide a mechanism that prevents the application from modifying the above controls or the extent definition.
  • the control program 22 can inhibit the use of the Define Extent command and Mode Set commands to the application as required.
  • the control program has the ability to do all of the following: 1) limit accesses to a specific extent of the medium; 2) limit the scope of volume access (more specifically, read-only or read-write access can be selected); 3) limit volume access to a single volume or partition by disabling the ability to change the medium or the partition; and 4) limit the volume formatting to data-only modifications.
  • the control program establishes a set of constraints at the beginning of processing which prevent the application from performing any actions which result in unauthorized access, file formatting integrity errors, or volume integrity errors. These constraints do not require the control program to monitor the contents of channel programs and the overhead is limited to the establishment of constraints once per file activation (e.g., OPEN).
  • the present invention has been described herein with reference to a particular embodiment for a particular application. Those having ordinary skill in the art and access to the present teachings will recognize additional modifications applications and embodiments within the scope thereof.
  • the invention is not limited to use with tape devices.
  • the teachings of the present invention may be used with any storage media.
  • the invention is not limited to the commands defined in the illustrative embodiment. The Invention allows for a variety of commands to be defined and used to suite a particular application.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
US08/281,868 1994-07-27 1994-07-27 System for providing access protection on media storage devices by selecting from a set of generated control parameters in accordance with application attributes Expired - Fee Related US6219726B1 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
US08/281,868 US6219726B1 (en) 1994-07-27 1994-07-27 System for providing access protection on media storage devices by selecting from a set of generated control parameters in accordance with application attributes
CN95104777A CN1081362C (zh) 1994-07-27 1995-04-25 在介质存储设备上提供存取保护的系统
JP13525495A JP3600313B2 (ja) 1994-07-27 1995-06-01 アクセス制御システム
DE69517256T DE69517256T2 (de) 1994-07-27 1995-07-03 System und Verfahren zur Versorgung des Zugriffsschutzes auf Informationsspeichereinrichtung
EP95304641A EP0695986B1 (de) 1994-07-27 1995-07-03 System und Verfahren zur Versorgung des Zugriffsschutzes auf Informationsspeichereinrichtung
KR1019950021741A KR100213849B1 (ko) 1994-07-27 1995-07-22 매체 저장 장치로의 액세스 제한 시스템 및 방법

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US08/281,868 US6219726B1 (en) 1994-07-27 1994-07-27 System for providing access protection on media storage devices by selecting from a set of generated control parameters in accordance with application attributes

Publications (1)

Publication Number Publication Date
US6219726B1 true US6219726B1 (en) 2001-04-17

Family

ID=23079105

Family Applications (1)

Application Number Title Priority Date Filing Date
US08/281,868 Expired - Fee Related US6219726B1 (en) 1994-07-27 1994-07-27 System for providing access protection on media storage devices by selecting from a set of generated control parameters in accordance with application attributes

Country Status (6)

Country Link
US (1) US6219726B1 (de)
EP (1) EP0695986B1 (de)
JP (1) JP3600313B2 (de)
KR (1) KR100213849B1 (de)
CN (1) CN1081362C (de)
DE (1) DE69517256T2 (de)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030023867A1 (en) * 2001-07-25 2003-01-30 Thibadeau Robert H. Methods and systems for promoting security in a computer system employing attached storage devices
US6715043B1 (en) * 1999-03-19 2004-03-30 Phoenix Technologies Ltd. Method and system for providing memory-based device emulation
US20050160281A1 (en) * 2001-07-25 2005-07-21 Seagate Technology Llc System and method for delivering versatile security, digital rights management, and privacy services
US20050223164A1 (en) * 2004-03-30 2005-10-06 Hitachi, Ltd. Assuring genuineness of data stored on a storage device
US20060155939A1 (en) * 2004-12-24 2006-07-13 Yasuyuki Nagasoe Data processing system and method
US20060206720A1 (en) * 2005-03-08 2006-09-14 Hideki Harada Method, program and system for limiting I/O access of client
US20070250710A1 (en) * 2006-04-25 2007-10-25 Seagate Technology Llc Versatile secure and non-secure messaging
US7539890B2 (en) 2006-04-25 2009-05-26 Seagate Technology Llc Hybrid computer security clock
US8429724B2 (en) 2006-04-25 2013-04-23 Seagate Technology Llc Versatile access control system
US20230010385A1 (en) * 2021-07-07 2023-01-12 Fujitsu Limited Storage control apparatus and storage control method

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5966732A (en) * 1996-12-02 1999-10-12 Gateway 2000, Inc. Method and apparatus for adding to the reserve area of a disk drive
JP3228182B2 (ja) * 1997-05-29 2001-11-12 株式会社日立製作所 記憶システム及び記憶システムへのアクセス方法
US7631198B2 (en) * 2005-05-10 2009-12-08 Seagate Technology Protocol scripting language for safe execution in embedded system

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4525780A (en) * 1981-05-22 1985-06-25 Data General Corporation Data processing system having a memory using object-based information and a protection scheme for determining access rights to such information
US4604694A (en) * 1983-12-14 1986-08-05 International Business Machines Corporation Shared and exclusive access control
US4780821A (en) * 1986-07-29 1988-10-25 International Business Machines Corp. Method for multiple programs management within a network having a server computer and a plurality of remote computers
US4941107A (en) * 1986-11-17 1990-07-10 Kabushiki Kaisha Toshiba Image data processing apparatus
US5065429A (en) * 1989-04-03 1991-11-12 Lang Gerald S Method and apparatus for protecting material on storage media
US5191611A (en) * 1989-04-03 1993-03-02 Lang Gerald S Method and apparatus for protecting material on storage media and for transferring material on storage media to various recipients
US5276735A (en) * 1992-04-17 1994-01-04 Secure Computing Corporation Data enclave and trusted path system
US5283830A (en) * 1991-12-17 1994-02-01 International Computers Limited Security mechanism for a computer system
US5339403A (en) * 1990-05-11 1994-08-16 International Computers Limited Access control in a distributed computer system

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS595495A (ja) * 1982-06-30 1984-01-12 Fujitsu Ltd 記憶領域保護方式
US4587628A (en) * 1983-12-05 1986-05-06 International Business Machines Corporation Method and apparatus for dynamic invocation of utilities
JPS63296136A (ja) * 1987-05-27 1988-12-02 Nec Corp プログラムの正当性確認方法
GB2230881A (en) * 1989-04-28 1990-10-31 Christopher William Cowsley Data storage protection
JPH036644A (ja) * 1989-06-02 1991-01-14 Nec Corp 記憶保護方式
JPH03224047A (ja) * 1990-01-30 1991-10-03 Toshiba Corp 携帯可能電子装置
US5410700A (en) * 1991-09-04 1995-04-25 International Business Machines Corporation Computer system which supports asynchronous commitment of data
CN1068212A (zh) * 1992-03-11 1993-01-20 邵通 微机硬盘读写控制器
US5414852A (en) * 1992-10-30 1995-05-09 International Business Machines Corporation Method for protecting data in a computer system

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4525780A (en) * 1981-05-22 1985-06-25 Data General Corporation Data processing system having a memory using object-based information and a protection scheme for determining access rights to such information
US4604694A (en) * 1983-12-14 1986-08-05 International Business Machines Corporation Shared and exclusive access control
US4780821A (en) * 1986-07-29 1988-10-25 International Business Machines Corp. Method for multiple programs management within a network having a server computer and a plurality of remote computers
US4941107A (en) * 1986-11-17 1990-07-10 Kabushiki Kaisha Toshiba Image data processing apparatus
US5065429A (en) * 1989-04-03 1991-11-12 Lang Gerald S Method and apparatus for protecting material on storage media
US5191611A (en) * 1989-04-03 1993-03-02 Lang Gerald S Method and apparatus for protecting material on storage media and for transferring material on storage media to various recipients
US5339403A (en) * 1990-05-11 1994-08-16 International Computers Limited Access control in a distributed computer system
US5283830A (en) * 1991-12-17 1994-02-01 International Computers Limited Security mechanism for a computer system
US5276735A (en) * 1992-04-17 1994-01-04 Secure Computing Corporation Data enclave and trusted path system

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6715043B1 (en) * 1999-03-19 2004-03-30 Phoenix Technologies Ltd. Method and system for providing memory-based device emulation
US7426747B2 (en) 2001-07-25 2008-09-16 Antique Books, Inc. Methods and systems for promoting security in a computer system employing attached storage devices
US20050066191A1 (en) * 2001-07-25 2005-03-24 Seagate Technology Llc System and method for delivering versatile security, digital rights management, and privacy services from storage controllers
US20050160281A1 (en) * 2001-07-25 2005-07-21 Seagate Technology Llc System and method for delivering versatile security, digital rights management, and privacy services
US7925894B2 (en) 2001-07-25 2011-04-12 Seagate Technology Llc System and method for delivering versatile security, digital rights management, and privacy services
US20050268114A1 (en) * 2001-07-25 2005-12-01 Seagate Technology Llc Methods and systems for promoting security in a computer system employing attached storage devices
US7036020B2 (en) 2001-07-25 2006-04-25 Antique Books, Inc Methods and systems for promoting security in a computer system employing attached storage devices
US20030023867A1 (en) * 2001-07-25 2003-01-30 Thibadeau Robert H. Methods and systems for promoting security in a computer system employing attached storage devices
US7461270B2 (en) 2001-07-25 2008-12-02 Seagate Technology Llc Methods and systems for promoting security in a computer system employing attached storage devices
US7917708B2 (en) 2004-03-30 2011-03-29 Hitachi, Ltd. Assuring genuineness of data stored on a storage device
US20050223164A1 (en) * 2004-03-30 2005-10-06 Hitachi, Ltd. Assuring genuineness of data stored on a storage device
US7162593B2 (en) * 2004-03-30 2007-01-09 Hitachi, Ltd. Assuring genuineness of data stored on a storage device
US20070083724A1 (en) * 2004-03-30 2007-04-12 Hitachi, Ltd. Assuring genuineness of data stored on a storage device
US7130971B2 (en) 2004-03-30 2006-10-31 Hitachi, Ltd. Assuring genuineness of data stored on a storage device
US20060117157A1 (en) * 2004-03-30 2006-06-01 Hitachi, Ltd. Assuring genuineness of data stored on a storage device
US20090228645A1 (en) * 2004-03-30 2009-09-10 Hitachi, Ltd. Assuring genuineness of data stored on a storage device
US7555618B2 (en) 2004-03-30 2009-06-30 Hitachi, Ltd. Assuring genuineness of data stored on a storage device
US20060155939A1 (en) * 2004-12-24 2006-07-13 Yasuyuki Nagasoe Data processing system and method
US7243189B2 (en) * 2004-12-24 2007-07-10 Hitachi, Ltd. Data processing system and method
US20060206720A1 (en) * 2005-03-08 2006-09-14 Hideki Harada Method, program and system for limiting I/O access of client
US7539890B2 (en) 2006-04-25 2009-05-26 Seagate Technology Llc Hybrid computer security clock
US20090235109A1 (en) * 2006-04-25 2009-09-17 Seagate Technology Llc Hybrid computer security clock
US20070250710A1 (en) * 2006-04-25 2007-10-25 Seagate Technology Llc Versatile secure and non-secure messaging
US8028166B2 (en) 2006-04-25 2011-09-27 Seagate Technology Llc Versatile secure and non-secure messaging
US8281178B2 (en) 2006-04-25 2012-10-02 Seagate Technology Llc Hybrid computer security clock
US8429724B2 (en) 2006-04-25 2013-04-23 Seagate Technology Llc Versatile access control system
US20230010385A1 (en) * 2021-07-07 2023-01-12 Fujitsu Limited Storage control apparatus and storage control method
US11688422B2 (en) * 2021-07-07 2023-06-27 Fujitsu Limited Storage control apparatus and storage control method

Also Published As

Publication number Publication date
JPH0855062A (ja) 1996-02-27
EP0695986B1 (de) 2000-05-31
CN1128374A (zh) 1996-08-07
CN1081362C (zh) 2002-03-20
DE69517256T2 (de) 2000-12-21
DE69517256D1 (de) 2000-07-06
EP0695986A1 (de) 1996-02-07
KR100213849B1 (ko) 1999-08-02
JP3600313B2 (ja) 2004-12-15

Similar Documents

Publication Publication Date Title
US6336175B1 (en) Method and system for providing restricted write access to a storage medium
US4947318A (en) Data processing security system for automatically transferring software protection data from removable store into internal memory upon mounting of stores
US6185661B1 (en) Worm magnetic storage device
EP1034488B1 (de) Grundfunktionen eines dateiensystemes zur nativen unterstützung eines dateiensystems für entfernte dateispeicherung
US5566319A (en) System and method for controlling access to data shared by a plurality of processors using lock files
US5390297A (en) System for controlling the number of concurrent copies of a program in a network based on the number of available licenses
US6219726B1 (en) System for providing access protection on media storage devices by selecting from a set of generated control parameters in accordance with application attributes
US20070094471A1 (en) Method and system for providing restricted access to a storage medium
US5632027A (en) Method and system for mass storage device configuration management
US20010021966A1 (en) Access monitor and access monitoring method
US8838926B2 (en) Interacting with data in hidden storage
KR19990013369A (ko) 저장 관리 시스템의 공간 할당 실패를 감소시키는 방법 및장치
JPH0570859B2 (de)
US6505213B1 (en) File management apparatus and method
US5432929A (en) Storage subsystem having a modifiable key-lock
EP0756228B1 (de) Erweitern der Datenträgerverwaltung von Informationsspeichereinrichtungen zum Behandeln des direkten Zugriffs zu Speichereinrichtungen
JPH0887440A (ja) データ入出力管理装置及びデータ入出力管理方法
US6108791A (en) Password processing apparatus and method
US5584029A (en) Data protecting system for an echangeable storage medium comprising power supply control means, medium detection means and medium identifying means
US5978914A (en) Method and apparatus for preventing inadvertent changes to system-critical files in a computing system
JPH06124239A (ja) キャッシュメモリの常駐データ制御装置
US6463502B1 (en) Backup copying of data to a tape unit with a cache memory
EP0539966B1 (de) System und Verfahren zur Steuerung einer magneto-optischen Platte
JPH02157988A (ja) Icカードにおけるコマンド処理方法
US6912662B1 (en) Cooling-off period for destructive software

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:RIPBERGER, RICHARD A.;REEL/FRAME:007120/0242

Effective date: 19940715

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

FPAY Fee payment

Year of fee payment: 4

REMI Maintenance fee reminder mailed
LAPS Lapse for failure to pay maintenance fees
STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20090417